eternity | 55840078f2ca98ff5b225f321eeb7964b0a7c847c503ee9976bebf282eb93405

General

Target

098b7eb23782750ddd8135a64f0aedac.exe
Size

3.2MB
MD5

098b7eb23782750ddd8135a64f0aedac
SHA1

0ac85b5f3767b0d6b79d311c8e8118c32f5d3230
SHA256

55840078f2ca98ff5b225f321eeb7964b0a7c847c503ee9976bebf282eb93405
SHA512

8d0d7d7e1b879dcf7fb69f01d09da74c7b002bcb3d18021bccec121257cc61e048ea4c286c4a4e6d1d5f289a96fa4abb4e7724564bbb597223c186e4477f8cb5
SSDEEP

98304:puOMX20UBP7WqFZfQGb47IfRNNXQX3lBQ:AOgsScB8kNNXQXjQ

Score

10^/10

eternity

Malware Config

Signatures

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Executes dropped EXE 1 IoCs

Processes:

tlauncher-resource-1.4.exe

pid process

1980 tlauncher-resource-1.4.exe
Loads dropped DLL 1 IoCs

Processes:

098b7eb23782750ddd8135a64f0aedac.exe

pid process

2000 098b7eb23782750ddd8135a64f0aedac.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

tlauncher-resource-1.4.exe

description pid process

Token: SeDebugPrivilege 1980 tlauncher-resource-1.4.exe

pid	process
1980	tlauncher-resource-1.4.exe

pid	process
2000	098b7eb23782750ddd8135a64f0aedac.exe

description	pid	process
Token: SeDebugPrivilege	1980	tlauncher-resource-1.4.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

098b7eb23782750ddd8135a64f0aedac.exe

description	pid	process	target process
PID 2000 wrote to memory of 712	2000	098b7eb23782750ddd8135a64f0aedac.exe	javaw.exe
PID 2000 wrote to memory of 712	2000	098b7eb23782750ddd8135a64f0aedac.exe	javaw.exe
PID 2000 wrote to memory of 712	2000	098b7eb23782750ddd8135a64f0aedac.exe	javaw.exe
PID 2000 wrote to memory of 712	2000	098b7eb23782750ddd8135a64f0aedac.exe	javaw.exe
PID 2000 wrote to memory of 1980	2000	098b7eb23782750ddd8135a64f0aedac.exe	tlauncher-resource-1.4.exe
PID 2000 wrote to memory of 1980	2000	098b7eb23782750ddd8135a64f0aedac.exe	tlauncher-resource-1.4.exe
PID 2000 wrote to memory of 1980	2000	098b7eb23782750ddd8135a64f0aedac.exe	tlauncher-resource-1.4.exe
PID 2000 wrote to memory of 1980	2000	098b7eb23782750ddd8135a64f0aedac.exe	tlauncher-resource-1.4.exe
PID 2000 wrote to memory of 1980	2000	098b7eb23782750ddd8135a64f0aedac.exe	tlauncher-resource-1.4.exe
PID 2000 wrote to memory of 1980	2000	098b7eb23782750ddd8135a64f0aedac.exe	tlauncher-resource-1.4.exe
PID 2000 wrote to memory of 1980	2000	098b7eb23782750ddd8135a64f0aedac.exe	tlauncher-resource-1.4.exe

C:\Users\Admin\AppData\Local\Temp\098b7eb23782750ddd8135a64f0aedac.exe
"C:\Users\Admin\AppData\Local\Temp\098b7eb23782750ddd8135a64f0aedac.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2000

C:\Program Files\Java\jre7\bin\javaw.exe
"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\tlauncher-resource-1.4.jar"
2⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\tlauncher-resource-1.4.exe
"C:\Users\Admin\AppData\Local\Temp\tlauncher-resource-1.4.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1980

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tlauncher-resource-1.4.exe
Filesize
76KB

MD5
dbb92d6b3c324f8871bc508830b05c14

SHA1
4507d24c7d78a24fe5d92f916ed972709529ced0

SHA256
376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

SHA512
d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tlauncher-resource-1.4.exe
Filesize
76KB

MD5
dbb92d6b3c324f8871bc508830b05c14

SHA1
4507d24c7d78a24fe5d92f916ed972709529ced0

SHA256
376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

SHA512
d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tlauncher-resource-1.4.jar
Filesize
3.2MB

MD5
acbc8aa5ba5cdddf5f1e67befe8cc597

SHA1
63b4bf89744b532e65c1afa3294743d2b3798f2b

SHA256
1f46b3a163012f9729905633b5e5e03ce385066ae43138a564729c942f9ca6b9

SHA512
d974a032d9af451c0dd51fbc0d64840f3e03eb502f40e4ab60d6722913b8a48d44a75752fcff60656e4d19089570a894222959745af11bcdf93ea1544192fee3

Download Submit
\Users\Admin\AppData\Local\Temp\tlauncher-resource-1.4.exe
Filesize
76KB

MD5
dbb92d6b3c324f8871bc508830b05c14

SHA1
4507d24c7d78a24fe5d92f916ed972709529ced0

SHA256
376294f1dd51cbb9591672655bb2720aeda8dd8004fcc0cb7c333b54ca5746f8

SHA512
d089dc29a1e982b7dd7e50698acdaf138455fb8b3e02b0874bec6734f261bf1a8ea5f10bcc43bb3c557812aeeeeb0410db157bfe341ee67516d6b8c3b758002a

Download Submit
memory/712-68-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/1980-75-0x0000000000880000-0x000000000089A000-memory.dmp

Filesize
104KB

Download
memory/1980-76-0x0000000004C70000-0x0000000004CB0000-memory.dmp

Filesize
256KB

Download
memory/1980-77-0x0000000004C70000-0x0000000004CB0000-memory.dmp

Filesize
256KB

Download
memory/2000-54-0x0000000000FA0000-0x00000000012E6000-memory.dmp

Filesize
3.3MB

Download
memory/2000-56-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing